CVE-2019-0223
Vulnerability from cvelistv5
Published
2019-04-23 15:57
Modified
2024-08-04 17:44
Severity ?
Summary
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2019/04/23/4Mailing List, Third Party Advisory
security@apache.orghttp://www.securityfocus.com/bid/108044Broken Link
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:0886Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:1398Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:1399Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:1400Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:2777Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:2778Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:2779Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:2780Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:2781Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:2782Third Party Advisory
security@apache.orghttps://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanelIssue Tracking, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:15.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[qpid-dev] 20190423 [jira] [Updated] (PROTON-2014) [CVE-2019-0223] TLS Man in the Middle Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E"
          },
          {
            "name": "[qpid-dev] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E"
          },
          {
            "name": "[oss-security] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4"
          },
          {
            "name": "[announce] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"
          },
          {
            "name": "qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
          },
          {
            "name": "108044",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108044"
          },
          {
            "name": "RHSA-2019:0886",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0886"
          },
          {
            "name": "RHSA-2019:1399",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1399"
          },
          {
            "name": "RHSA-2019:1400",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1400"
          },
          {
            "name": "RHSA-2019:1398",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1398"
          },
          {
            "name": "RHSA-2019:2777",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2777"
          },
          {
            "name": "RHSA-2019:2778",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2778"
          },
          {
            "name": "RHSA-2019:2779",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2779"
          },
          {
            "name": "RHSA-2019:2780",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2780"
          },
          {
            "name": "RHSA-2019:2781",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2781"
          },
          {
            "name": "RHSA-2019:2782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2782"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Qpid Proton",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "0.9 to 0.27.0"
            }
          ]
        }
      ],
      "datePublic": "2019-03-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Man-in-the-middle Attack",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-20T13:06:22",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[qpid-dev] 20190423 [jira] [Updated] (PROTON-2014) [CVE-2019-0223] TLS Man in the Middle Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E"
        },
        {
          "name": "[qpid-dev] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E"
        },
        {
          "name": "[oss-security] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4"
        },
        {
          "name": "[announce] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"
        },
        {
          "name": "qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
        },
        {
          "name": "108044",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108044"
        },
        {
          "name": "RHSA-2019:0886",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0886"
        },
        {
          "name": "RHSA-2019:1399",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1399"
        },
        {
          "name": "RHSA-2019:1400",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1400"
        },
        {
          "name": "RHSA-2019:1398",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1398"
        },
        {
          "name": "RHSA-2019:2777",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2777"
        },
        {
          "name": "RHSA-2019:2778",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2778"
        },
        {
          "name": "RHSA-2019:2779",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2779"
        },
        {
          "name": "RHSA-2019:2780",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2780"
        },
        {
          "name": "RHSA-2019:2781",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2781"
        },
        {
          "name": "RHSA-2019:2782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2782"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-0223",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Qpid Proton",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "0.9 to 0.27.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Man-in-the-middle Attack"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[qpid-dev] 20190423 [jira] [Updated] (PROTON-2014) [CVE-2019-0223] TLS Man in the Middle Vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E"
            },
            {
              "name": "[qpid-dev] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E"
            },
            {
              "name": "[oss-security] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4"
            },
            {
              "name": "[announce] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E"
            },
            {
              "name": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel",
              "refsource": "MISC",
              "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"
            },
            {
              "name": "qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E"
            },
            {
              "name": "108044",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108044"
            },
            {
              "name": "RHSA-2019:0886",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0886"
            },
            {
              "name": "RHSA-2019:1399",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1399"
            },
            {
              "name": "RHSA-2019:1400",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1400"
            },
            {
              "name": "RHSA-2019:1398",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1398"
            },
            {
              "name": "RHSA-2019:2777",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2777"
            },
            {
              "name": "RHSA-2019:2778",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2778"
            },
            {
              "name": "RHSA-2019:2779",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2779"
            },
            {
              "name": "RHSA-2019:2780",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2780"
            },
            {
              "name": "RHSA-2019:2781",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2781"
            },
            {
              "name": "RHSA-2019:2782",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2782"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-0223",
    "datePublished": "2019-04-23T15:57:07",
    "dateReserved": "2018-11-14T00:00:00",
    "dateUpdated": "2024-08-04T17:44:15.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0223\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2019-04-23T16:29:00.467\",\"lastModified\":\"2023-11-07T03:01:52.417\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.\"},{\"lang\":\"es\",\"value\":\"Mientras investig\u00e1bamos el error PROTON-2014, descubrimos que en algunas circunstancias las versiones de Apache Qpid Proton 0.9 a 0.27.0 (librer\u00eda de C y sus adaptaciones de lenguaje) pueden conectarse a un peer de forma an\u00f3nima utilizando TLS *incluso cuando est\u00e1 configurado para verificar el certificado del peer* mientras se utiliza con versiones de OpenSSL anteriores a la 1.1.0. Esto significa que un ataque man in the middle podr\u00eda ser construido si un atacante puede interceptar el tr\u00e1fico TLS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9\",\"versionEndIncluding\":\"0.27.0\",\"matchCriteriaId\":\"EF9D1E83-264F-4FD3-91DC-7E5CC856C36D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_amq_clients_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A493C8B-B5B9-4BE2-A449-24BE131FF8D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DFA94D5-0139-490C-8257-0751FE9FBAE4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B186E5-7C2F-466E-AA4A-8F2B618F8A14\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704CFA1A-953E-4105-BFBE-406034B83DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB7F358B-5E56-41AB-BB8A-23D3CB7A248B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87F6E32E-6AF3-489A-AFEF-D5309E0D1779\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB283C80-F7AF-4776-8432-655E50D7D65B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5B7C3FA-0F90-47ED-835F-FBA07B3993E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"967EC28A-607F-48F4-AD64-5E3041C768F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"807C024A-F8E8-4B48-A349-4C68CD252CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F96E3779-F56A-45FF-BB3D-4980527D721E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92C9F1C4-55B0-426D-BB5E-01372C23AF97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF83BB87-B203-48F9-9D06-48A5FE399050\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E6D998-B41D-4B49-9E00-8336D2E40A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C8D871B-AEA1-4407-AEE3-47EC782250FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6755B6AD-0422-467B-8115-34A60B1D1A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2019/04/23/4\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108044\",\"source\":\"security@apache.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0886\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1398\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1399\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1400\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2777\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2778\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2779\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2780\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2781\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2782\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E\",\"source\":\"security@apache.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.